1. Field of the Invention
The present invention relates to satellite communications systems and methods having message authentication.
2. Related Art
Telecommunications and computers have revolutionized modern society In the past, information was exchanged by much slower methods, such as letters and written documents. Business records were kept using manual systems The information used in these manual systems typically was stored on paper, which was locked up and kept secure from unauthorized users.
Telecommunications and computers have produced an incredible increase in efficiency and productivity. It is for these reasons that experts believe that the proliferation of telecommunications and computers into all aspects of modern life will continue to accelerate in the future. Such technology literally will permeate society in the not too distant future.
The so-called electronic office is predicated to be commonplace within the next five years in major corporations in the industrialized world. Such an electronic office will allow users to access vast amounts of information stored in centralized electronic databases. These electronic databases will replace the manual files used in the past. Remote terminals located throughout the corporation or entity having the system will allow individuals to communicate between terminals and with the centralized data bank. Electronic mail will become extremely commonplace, replacing the written documents that are mailed today. Communications will be almost instantaneous. The vital information relating to the business or entity owning the system will be available to unauthorized users who can gain access into such systems.
Communications and telecommunications have also had a profound impact on merchandising of products and services. Terminals can be located at geographically separated locations where retail stores or service offices are located. They can communicate with each other and with central administration and shipping sites via electronic networks. This allows the accounting and inventory functions to be performed substantially in real-time. Again, if an unauthorized user can gain access into such a system, he or she will be able to steal information or products from the owner of the system.
Perhaps one of the industries most affected by these advances in telecommunications and computers is the financial industry. These two technologies have spawned many new financial services, such as automatic teller machines (ATMs) and electronic fund transfers (EFTs). These technologies have introduced new scales of efficiency. They have improved the speed and integrity of almost all financial transactions. However, many people believe that these technologies have also produced a concomitant increase in the vulnerability of the financial industry to sophisticated thieves, who are able to gain unauthorized access into the financial network through these electronic systems. It is essential that the financial information communicated over these electronic networks be secure and accurate. It is commonplace today for banks to transfer large amounts of money very rapidly using electronic fund transfer systems. General consumer transactions involving banking customers increasingly are using these electronic systems, due to the cost savings that are obtained by eliminating the manual help used previously.
However, all of these financial data transactions conducted over these electronic systems are subject to unauthorized modification, disclosure or use. Such invasion of the communication path of the electronic network by an unauthorized user or party may be labeled as either an "active" or "passive" attack.
An active attack is one in which the unauthorized party modifies data traveling along the communications path or link, or injects a fraudulent simulation of a valid communication from a point along the communications path or link. An active attack may also result where the communications channel or link itself introduces distortion into the transmitted information, which is not detected by the receiving station. Any of these occurrences results in improper information being received by the receiving station. If the receiving station should act upon this information, the result can be a loss to the owner of the system. Obviously, with the vast amounts of money that are being exchanged over these electronic systems daily, this problem becomes particularly acute when the system is being attacked by a sophisticated thief who is able not only to steal the money, but to make it appear that the money has not been stolen.
A passive attack, on the other hand, is one in which the unauthorized party intercepts information traveling along the communications path or link without altering the information. In certain financial situations, a passive attack is not of very great concern because the unauthorized listener cannot modify the information being exchanged to produce a desired result. However, many times very confidential information is exchanged over these electronic networks. If an unauthorized party is able to obtain this information surreptitiously, he or she may be able to use it for his or her gain and to the detriment of the rightful owner of this information. This can occur, for example, in financial transactions that are very time-sensitive, such as mergers and acquisitions, where the unauthorized user can make vast sums of money by buying stock right before such business deals are announced. Also, oftentimes confidential information concerning new products or services are exchanged from various sites within the network. A competitor who can obtain this information will be at an advantage, particularly if this information is obtained without detection.
Traditionally, both active and passive attacks on telecommunications networks or systems have been guarded against by encrypting the data that is transmitted. Considerable work has been done to develop elaborate encryption schemes that are allegedly resistant to both active and passive attack. Another approach that has been used is that of access codes. Access codes are used to identify valid communications and to prevent an unauthorized party from entering the communications network. Often these access codes are changed periodically.
As a general rule, the more complex the encryption scheme or the access code, the more difficult it is for an unauthorized user to break or obtain it. However, it is also a general rule that with a sufficient amount of time and computer power, most encryption schemes and access codes can be broken. Further, access codes oftentimes can be stolen and used by unauthorized parties without detection. It literally has become a cat and mouse game, with the owner of the electronic system constantly trying to make it more difficult for unauthorized users to infiltrate the electronic system, and with the unauthorized users becoming increasingly more sophisticated as they overcome the obstacles set before them.
The complexity of the traditional methods of encryption and access codes has also been increased by the increase in the complexity of the communications systems or networks themselves. The rapid proliferation of the microcomputer has been followed with the concept of a microcomputer network. In essence, this allows microcomputers to be linked to each other over a common communications network. This network can be connected to more powerful main frame computers and to other electronic devices and peripherals. What results is a communications network having hundreds to thousands of remote terminals all connected to each other electronically. These terminals can communicate with each other simultaneously or approximately simultaneously in real time.
These advances in communications networking have resulted in communications systems being established throughout the world. With such geographic dispersion of remote computer locations, the satellite has come into play as an important communications tool. However, the introduction of satellite communication systems causes new problems relating to security and accuracy. Satellite communication channels are exposed both to active and passive attack. A satellite communications channel comprises at least two communication links: the first is the uplink from the transmitter or source of information to the satellite; and, the second is the downlink from the satellite to the remote receiver. Information in the satellite communication channel can be intercepted simply by positioning an antenna within the broadcast range of the downlink transmission.
Similarly, unauthorized information may be injected into the communications path simply by introducing a transmission anywhere along the path of the uplink or the downlink. Thus, it is seen that a satellite communications system is particularly susceptible to an active attack. To prevent active attack on a satellite communications network, it is known to provide each user of the network with an access or identification code. This access or identification code must be verified by a receiver before the information on the communications path or link will be recognized as valid. In this manner, an unauthorized user will be prevented from interjecting information without an access code.
Similarly, both active and passive attack may be inhibited by encrypting the data to be transmitted. In this manner, an unauthorized user who intercepts the communications will not be able to decipher the information from the satellite system without the key to the encryption code. Further, the unauthorized user will not be able to provide encrypted unauthorized messages into the communications link since he will not be able to properly encrypt the unauthorized message.
Each of the traditional active and passive attack prevention methods, no matter how complex, suffers from an inherent drawback: no protection is provided against an unauthorized party who has knowledge of the access code or the encryption key. Thieves thus go to great lengths to obtain the access code and encryption key. One method that is used by them is to intercept a transmitted encrypted message, and then to "reverse engineer" or analyze the message to determine its encryption key. Oftentimes, however, considerable cryptanalytic skill is needed to successfully reverse engineer the encryption key.
Another method is "key exhaustion." Here, brute force combined with computer speed used to try every possible key combination until the correct key combination is reached. For example, with an n bit key, 2.sup.n key combinations will guarantee a solution. The key exhaustion approach is particularly dangerous since no cryptanalytic skill is needed. Any computer "hacker" can use it. Under either approach, once the encryption code is broken, it is useless. Oftentimes, the owner of the communications network cannot tell when a particular encryption key has been broken. Thus, the system can be vulnerable for a long period of time after the encryption key has been obtained.
The financial industry is increasingly utilizing electronic fund transfer techniques and automatic teller machines. Both of these devices create potentially very large risks to the financial network. In response to these risks, the financial industry has put great effort into increasing the complexity of the access and encryption codes in order to decrease the possibility that the codes will be broken. However, if sufficient computational power is brought to bear on the financial network, and sufficient time is available, many experts believe that any encryption scheme presently used may be broken. Given the increased amount of money being transferred by such financial networks (which oftentimes use satellite communications systems), the reward to a thief who can break the code has become so high that, in conjunction with the rapidly decreasing cost of computational power, the risk in investing in computational power sufficient to break a complex code has become reasonable.
Because the complexity of the encryption scheme can no longer guarantee immunity from active attack, there is a great need in the financial industry, as well as in other industries, for a new method of protection for data exchanges, particularly those over satellite communications networks. Further, there is a need for a method of protection which may be implemented using general purpose/cost-effective terminals and communications equipment. Current commercial cryptographic systems are generally not easy to implement or maintain because of complicated key management requirements. In other words, the encryption keys must be updated constantly. Often, the only effective way of doing this is to physically visit the remote site at which the key is being updated and to input the new key there. This is very time-consuming and costly to do.
Other non-commercial cryptographic systems are equally impractical for the financial industry, as well as other industries. Such systems generally fall into three categories: specialized hardware devices, specific software methodologies, and hybrid systems. Specialized hardware devices are often not commercially feasible due to cost, method of transmission, or maintainability. They often can be defeated simply by stealing or otherwise duplicating the hardware device. Software methods offer security through algorithmic complexity, but depend on the secrecy of the key or scramble method to avoid compromise. Hybrid systems gain strength by having advantages of both hardware and software schemes, but they, like the other systems, ultimately depend on some part or parts of the process being kept secret from others, but known to authorized users. Obviously, once these part or parts are no longer secret to unauthorized users, the system has been compromised and is vulnerable to active and/or passive attack.